Back to skill

Security audit

Agent Team Kit

Security checks across malware telemetry and agentic risk

Overview

This is a transparent workflow kit, but it can make agents coordinate and start work repeatedly without enough built-in approval boundaries.

Install only if you intentionally want agents to run a self-service team workflow. Before enabling the heartbeat, define which queues and repositories are in scope, require human approval for destructive, deployment, public, financial, account, or credential-related actions, cap agent spawning, and review changes before committing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Missing User Warnings

Low
Confidence
87% confidence
Finding
The skill instructs users to copy and merge process and heartbeat files into a repository without any warning that these files change team workflow and can enable autonomous behavior. That omission increases the chance that operators will adopt process automation they do not fully review, which can lead to unintended repository changes or self-directed task execution.

Missing User Warnings

Low
Confidence
92% confidence
Finding
The heartbeat section encourages periodic checks that can spawn agents, alert roles, and nudge owners, but it does not clearly warn that heartbeat-driven automation may trigger proactive or autonomous actions. In an agent environment, that omission can normalize unattended operation and make it easier for the system to act without sufficient human oversight.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The quick-reference table uses broad, trigger-like conditions such as 'Dev task ready' and 'Work stuck' that can prompt automatic agent spawning without strong scoping, authorization checks, or confirmation criteria. In an autonomous coordination skill, this increases the chance of unintended activation, excess delegation, or cascaded agent actions based on ambiguous state.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
## Key Principles

### 1. Self-Service
If work is in the Ready queue, any agent can pick it up. No approval needed. First claim wins.

### 2. Clear Ownership
Every phase has ONE owner. No "shared responsibility" (which means no responsibility).
Confidence
88% confidence
Finding
No approval

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
## Key Principles

### Self-Service
If it's in Ready, any agent can pick it up. No approval needed.

### Clear Ownership
Every phase has ONE owner. No ambiguity.
Confidence
90% confidence
Finding
No approval

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
| Bad | Why | Fix |
|-----|-----|-----|
| Return HEARTBEAT_OK without checking | Loop dies silently | Actually run the checklist |
| Do the work yourself instead of spawning | You become the bottleneck | Spawn specialists |
| Ask "what's next?" | That's the team's job to figure out | Check backlog, spawn who's needed |
| Wait for human direction | Defeats autonomy | Execute from Ready queue |
Confidence
77% confidence
Finding
without checking

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.